02.06.2025
2 min
553
A database configuration error exposed 2.7 million US patient medical profiles and 8.8 million appointment records.
A team of researchers discovered an unsecured MongoDB database containing personal medical data of US patients. A total of 2.7 million patient records and 8.8 million appointment records were exposed. Although the source of the leak has not been officially confirmed, indications point to Gargle, a company that provides marketing and IT services to dental clinics. The data included names, dates of birth, emails, phone numbers, addresses, gender, ID cards, appointment records and even payment information. The company has since been notified of the leak, but has not yet commented.
MongoDB is a popular database that is often left open due to configuration errors. Such incidents occur in many areas, but are especially dangerous in medicine, as companies working with patient data are required to comply with HIPAA standards. The leak showed how risky it is to involve third parties in the processing of sensitive information. Gargle, although not a medical provider, had access to online recording, patient communication and payment integration tools.
The large-scale leak has once again revealed weaknesses in the IT infrastructure of the medical sector. Companies that even indirectly process medical data must adhere to strict cybersecurity standards. Patients are advised to monitor suspicious medical bills, avoid phishing messages and consider signing up for personal data monitoring.
